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Posted at Monday, July 28, 2008 

ProRat Tutorial (Create Trojan) 

*NecrOtoxln's Prorat V1.9Fix2 Tutorial 


First thing's first, you'll need a clean copy of Prorat VI.9 here is a link where you can get it from. 

http ://www. megaupload, com/?d=QNRlBZ3G 

This file includes: 

ProRat VI.9 
The english help file 
Skin packs 1-5 
The skin builder 

pass: netcrew 

password for prorat vl.9: pro 


Now you have the necessary files, let's start with the tutorial. Extract ProRat Vl.9 and run the ProRat application. We'll start with a 
ProRat server. Click create near the bottom and a small context menu will come up, for now let's just make a ProRat server, we'll 
cover the other types later. 

The ProRat server is the server the rat communicates with, all the fun trojany things :P 
The setup is pretty simple we'll start with the notifications area. 

Pro connective notification- 

this is basically the SIN notification. Where it asks for you ip address just click on the little red half-circle on the side and it will 
locate your external ip address for you. 

Mail notification- 

self explanitory, the server will send you an email to tell you the victim has been infected. 

ICQ pager- 

If you use ICQ you can be notified of infections via that, put in your UIN and when a victim is infected you will be informed via 
ICQ 

CGI- 

This connects to a web cgi page and uploads the information when a victim is infected 
Choose whichever you like, I usually use email and SIN (Pro connective.) 

Ok let's move on to the general settings now. 

Server Port- 

the port you run your server off of (default 5110) For the most part you don't want to use the default port 
Server password- 

Pick a password insure only you have access 

Victim name¬ 
nothing very important, just so you can send separate people separate servers and be able to identify each, use whatever you 
want here 

Give a fake error message- 

when the server is run it displays an error message. You can edit what it says by clicking configure after checking the box. 

Melt server- 

After the server is installed the server installer is deleted if checked 
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Kill AV/Firewall- 

when the server is run it kills the Anti-virus and Firewall processes to hinder detection if checked 
Disable win Xp SP 2. - 

This kills the windows firewall upon execution if checked 
Clear windows xp restore points- 

This wlff delete all system restore points to avoid repairing the infected computer if checked 
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useful estate planning tool 


Don't send LAN notifications- 

this disables notifications if someone within your network is infected, notifications still work from outside connections just not on 
LAN if checked 

Invisibility- 

All three of these settings help to hide the server from the user. I'm not going to explain them, I'll just tell you to leave them all 
checked 
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Bind with file- 

Allow you to choose a file to bind the server to (this helps prevent detection) 
Server extensions- 

Pick the extension type that you want 

Server icon- 
Pick an icon 


So you've set all of your settings, now click on create server in the bottom right corner and wait a few moments while the program 
builds the server. Go find some suckas that will run it and give them the file. 

Now back at the main window of ProRat we're going to click on the little check-box next to the R on the bar up top. This step is 
unnecessary if you didn't use the pro connective notification. This listens for the SIN notifications 

Put in the IP address of your victim and the port the server runs on and click connect, you'll be prompted for your password. 

Now instead of walking you through this, this is the fun part, playing with your toys, I'll tell you what not to try if you are doing 
the testing on your own PC 

CHAT- 

Do not attempt this unless you are prepared for a reboot or you are testing with a server on one computer and the client on 
another. 

FUNNY STUFF- 

Avoid close monitor because you won't be able to see what you are doing. 

Same with open screensaver 

ok these ar the informations about the other server types 
Downloader server- 

(copy pasted from prorat, sorry I'm really tired) 


Downloader server's aim is to infect the victim in an easy way. ProRat server is 350 kb but Downloader server is just only 2kb. It 
is easier to send to your victim. 

Downloader server's job is to download and run the real server on the target PC. It downloads the real server in a fast way and 
executes the file without asking any questions to your victim. When Downloader server is binded with a file, the files size won't be 
too much big so your victim will not get suspicious with the size of the file. 

If you want to use Downloader server you must have a web hosting and you can also use a free hosting. After this you must 
create a normal server and put it into your web hosting area." 

Lets say : 

You have a signed a free area from http://www.tripod.lycos.co.uk/signup/signup.phtml and you got a web hosting like this 
"http://members.lycos.co.uk/yourarea/" and upload your server that you created with ProRat client to this area. 

After you uploaded you server your server address will look like "http://members.lycos.co.uk/yourarea/server.exe" Now the only 
thing you must do is create a Downloader server. 

CREATING DOWNLOADER SERVER : 

To create a Downloader server you must click on '"Create" button first. A popup screen menu will appear. Click on "Create 
Downloader Server" Button and get into the Create Downloader server menu.. 

When you type the URL on the Downloader server menu it will save it automatically so when you want to cerate another 
Downloader server it will help you for saving time. 

You have to follow this way: 

1- URL : 

In the Downloader server menu you have to type the URL for the download process that will be done on the target PC. For 
example: "http://members.lycos.co.uk/yourarea/server.exe" 

2- Bind With a File : 

You can bind your server\downloader server with a file that you want. You must click on the "Bind the server with a file" button 
and then the file button will be activated. You can choose a file to be binded with the server now. The extension is not so 
important you can see the size of binded server in the "Server Size" part. 

3- Server Extension : 

You can choose the extension of Server\Downloader server that you will create. ProRat server supports 5 extensions. You can use 
these extensions for server: *.exe - *.scr - *.pif - *.com -*.bat 

But 2 of them support icons. Other ones don't supports windows icon service. *.exe and *.scr has got icon support so you can 
choose icon for this extensions. 

4- Server Icon : 

If you choose a extension that has got an icon support. You can select the one you want to use with the server from the small 
pictures on the menu, but don't forget icons will make the server size a little bigger then the normal size. 

If you want to use these icons click on the "server icon" section and select the "Server icon" box. Choose one of them and your 
server will use this icon after created. 

If you have done all the settings, you can create Downloader server. Now You only have to Click on "Create Server" button. 

After you have created your Downloader server you can change its name. It will automatically download the real server and run it 
on the target PC with invisibility. 

Downloader server will restart it self until it downloads the real server on target PC. 

Warning: If the target PC gets disconnected while the Downloader server is downloading the real server from the web host, the 
downloading process will not resume from the last percentage it will just only ""restart to download the real server again and If you 
want a function like resuming the download from a 2kb program you wont behaving fairly against PRO GROUP. 


Create CGI victim List 
(copy pasted once again) 


What is a Victim List? : 

Victim list is a system that will let you view the information sent from the server just like the email and icq notifications. The 
information sent to your CGI list contains your victims IP address, Port number, password etc... that gives you victims all details 
for connection. 
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Creating Victim List : 

This is one of the biggest differences between other Trojans CGI notifications. ProRat has got the best CGI victim list creator on its 
own client. You can adjust everything you want when you are creating your victim list. You don't have to loose time in configuring 
the victim list codes like the other CGI victim lists, and you can choose which language you want to use in CGI victim list. 

If you want to create your victim list you must click on the create button and a popup menu will appear, click on create CGI victim 
list button and you will see 4 boxes and a create cgi files button. The features of the boxes are listed below: : 

Victim List Password : 

If you want your list protected with a password you must write which password you want to use in the blank box. 

CGI Script Name : 

You can choose the script name that doesn't contain Turkish characters. If you want to change the name of the cgi list after you 
created your CGI Victim list will not work. You must change the name when you are creating the file. Default name of your cgi file 
will be prorat.cgi and it will be the best solution for this problem. 

CGI script Data : 

You can choose the script name that doesn't contain Turkish characters. If you want to change the name of the dat extension file 
after you have created it will not work. You must change the name when you are creating your file. Default name for your script 
data file is log.dat and it's the best solution for this problem. This scripts will save the logs coming from server. 

Max Number for List : 

This menu will let you view the number of victims in your list. Default number is 100. You can choose every number for this blank 
but if you choose a number like 10000 explorer will work slow. 

After you setup these details. Click on the "Create CGI files" button. 

How To Use: 

To use this CGI victim list tool. You must have a host with CGI support. You can take a free host from these sites 

http://www.netfirms.com 

http://www.tripod.lycos.com 

After you register an account from a host, you must upload "prorat.cgi and "log.dat" to your hosts cgi-bin folder in ASCII mod. 
Change the CHMOD for "prorat.cgi" to 755, and change the CHMOD for "log.dat" to 600. If you don't know what is CHMOD please 
read the following steps. 

INSTALL + IMPORTANT THINGS + FREQUENTLY ASKED QUESTIONS: 

1- Learn that your hosting supports CGI. If it doesn't have a CGI support use another host with CGI support. 

2- Upload your files to the cgi-bin folder on your host and don't forget to check them you should see 2 files in your CGI directory 
after you upload them. 

3- You must upload your files to your host in ASCII mod. If you upload in binary mod your CGI victim list won't work. If you want 
to solve this problem we recommend to you upload with Cute-Ftp program. Professional FTP programs like Cute-Ftp can 
automatically choose the mod for extensions of files. If you want more details search upload + ASCII + cgi in 
http://www.google.com 

4- Did you setup the files to CHMOD in you host ? 

The value of the Victim lists main file that is "prorat.cgi" must be 755 in CHMOD, and the 'log.dat' value must be 600 in CHMOD. 
You can adjust CHMOD after you upload files with Cute-Ftp. Right click on the file and click on CHMOD and follow the steps : 

prorat.cgi : 

Owner permissions : 

[XjREAD [X]WR7TE [XjEXECUTE 
Group permissions : 

[XjREAD [ ]WR?TE [XjEXECUTE 
Public permisions : 

[XjREAD [ ]WR?TE [XjEXECUTE 

log.dat : 

Owner permissions : 

[XjREAD [X]WR7TE [ ]EXECUTE 
Group permissions : 

[ jREAD [ ]WR?TE [ ]EXECUTE 
Public permisions : 

[ jREAD [ ]WR?TE [ ]EXECUTE 

5- If you say I did all the settings right but my list didn't work : 

Did any edit your prorat.cgi file after you created it? If you edited your prorat.cgi file your list may not work and create a new CGI 
file. 

6- If you say, I'm typing my password into my CGI victim list but my victim list doesn't open we think that you have changed the 
names of your CGI files after you created them, and this may cause this problem. 

Don't forget if you want to change names of files you must name them when you are creating the files from the client, But if you 
are an advanced user you can open "prorat.cgi" with a text editor and edit the settings as you want to do in "prorat.cgi". 

7- If you are typing the correct URL for your victims list but it says "****** named file cannot be found". 

If you have a problem like this maybe you forgot to upload "log.dat" file to cgi-bin folder in host or you changed name of the 
log.dat file after you created it. 

8- IF you forgot the password that you put to your victim list. Create a new one and change the new prorat.cgi with the older one 
and don't forget to note it somewhere. 

9- If you have many victims but they don't get listed on your victim list. Open prorat.cgi with a text editor and come to settings 
part and $show_list = "xxx"; write a value instead of xxx like default number for that is "100" , after you set it, upload and 
replace t with the old file. If you say I can't do that create a new prorat.cgi from Client and type a bigger value for the max 
number of list for example 200. 

10- if you say I did all the things but I don't know how to connect to my victim list. Type http://yoursite/cgi-bin/prorat.cgi on your 
browser and you will see your login page. The important point of you CGI URL is the end of your URL be the name of you cgi file of 
prorat.cgi and type it to the end of your URL. 

For example you have a account like http://prorat.netfirms.com and you didn't give the default name for prorat.cgi and instead 
you used the name counter.cgi. your URL should be like this http://prorat.netfims.com/cgi-bin/counter.cgi 

11- if you say I took a host from tripod but it doesn't give me permission to edit manually CHMOD. That is true some hosts don't 
gives permission for this but we can solve this problem with following steps. 

Login on tripod's page with your username and password and go to F?LE MANAGER. Your files will be shown in a special script 
page and go to cgi-bin folder, check the box next to the ProRat cgi file and click on the button at the left top (EDIT). Now delete all 
the things in prorat.cgi and copy the prorat.cgi that is in your PC to your host and save it. 

12- If you say I did all the things but I can't upload log.dat. Type something on log.dat and try to send it again. After you install 
your victim list you can delete logs with the button named 'Empty Page' button. 

13- If you say that you took a free host with cgi support but the hosting company closed my account. 

If you have many victims, this traffic can be alerted to the admin of company or you only use cgi-bin of your account it can alert 
them too. Now you can open a new account and put a site with 2-3 pages, and put a index and connect to your ex users change 
the older cgi list link with online editor. 

14- If you don't create prorat.cgi with ProRat client and downloaded it from somewhere or if you want to upload it after a long 
time, you can change it to binary mod while you are editing it or downloading it. Download ProRat Client and create your own 
Victim list. 
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15-If you say I tried everything and I did all the things right but my service didn't work: 

If your age is under 16; 

We recommend you to not use ProRat for a couple of years and instead using ProRat go and play games or use your computer for 
education. 

If your age older than 16 and if you're IQ is normal keep away from the Hack world and close your computer... 

Sorry about any spelling errors, new keyboard. 

"Let's start a riot!" 

Current projects: 

NE-T forums 

htt p: // n etcru. f reefo rums.org 
NE-T Crypt FUD 
Nuclear RAT tut 


This entry was posted on Monday, July 28, 2008 . You can follow any responses to this entry through the RSS 2.0 feed. You can leave a 
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